Tuesday, September 25, 2007

What Documents can I read to help me prepare for BS7799?

There are a number of documents that are available, in addition to the BS 7799 and ISO17799 standards themselves, and these include:

From BSI

- Information Security Management: An Introduction (PD 3000);
- Preparing for BS 7799 Certification (PD 3001);
- Guide to BS 7799 Risk Assessment and Risk Management (PD 3002);
- Are you ready for a BS 7799 Audit? (PD 3003);
- Guide to BS7799 Auditing (PD 3004);
- Guide on the Selection of BS 7799 Controls (PD 3005).

Other publishers

- ISO Guide 62 – General Requirements for Bodies Operating Assessment / Registration of Quality Systems (to merge with ISO Guide 66 to become ISO 17021);
- EA-7/03 – Guidelines for the Accreditation of Bodies Operating Certification/ Registration of Information Security Management Systems;
- ISO 19011 – Guidelines for Quality and / or Environmental Management Systems Auditing.

A number of books have been published on the BS 7799 process; a check of the local IT bookshop or Amazon should provide numerous titles from which to choose.

The types of Audit that may be undertaken in an organization

There are a number of audits that may be undertaken in an organisation, and these include:

- First Party (Internal Audit) – within an organisation, internal review etc.;
- Second Party (Supplier Audit) – of a supplier or contractor;
- Third Party Audit – by a CB (certification body).
